New wave of crypto-phishing: how drainers empty the wallets of Russians
Analysts from F6's Digital Risk Protection division have recorded an alarming trend: at least three hacker groups have launched a targeted campaign to steal cryptocurrency from Russian users. The attackers use so-called "drainers", malicious scripts designed to empty a crypto wallet the moment the victim grants them access, and they disguise the scheme as a legitimate affiliate or bonus program for investors.
Attack Mechanics: From Bonus to Complete Loss of Assets
Between late May and early June of this year, at least 15 bait websites with hidden crypto drainers were launched. The scheme runs almost entirely automatically. The victim is lured with the promise of opening an investment account and receiving a welcome bonus of $50 in USDT. To activate the "generous" offer, the user is asked to connect their wallet by scanning a QR code with their wallet's official mobile app.
On the surface, the victim approves the connection themselves and signs the request the site presents. In reality, what is signed is not a withdrawal but a grant of rights: the signature gives the attackers' contract or address permission to move everything the wallet holds, cryptocurrency, tokens, and even NFTs. Once that authorization on the fake site is complete, the drainer checks the balances with several requests and instantly withdraws everything available.
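The approval step described above, as an added example (my own Python, not F6's tooling and not code from the campaign): a pre-signing triage of the transaction objects a site hands to a wallet via eth_sendTransaction. It decodes the calldata and flags the two grants drainers rely on, an effectively unlimited ERC-20 approve/increaseAllowance and an ERC-721/ERC-1155 setApprovalForAll(operator, true), neither of which moves funds at signing time. The four selectors are the standard ones; the addresses, the 2**128 "unlimited" threshold and the sample requests are constructed placeholders.

```python
"""Pre-signature triage of wallet transaction requests (added example).

A drainer site does not ask the wallet to send funds; it asks it to sign an
approval. Nothing leaves the wallet at that moment, which is why the prompt
looks like a harmless "connect" step. The drain is a later transferFrom by the
approved spender. This classifier decodes eth_sendTransaction calldata and
flags such grants before the user signs. All sample data below is constructed.
"""
from dataclasses import dataclass

MAX_UINT256 = (1 << 256) - 1
# Assumption: anything at or above this is treated as "effectively unlimited".
# Drainers approve 2**256-1 or similar; honest dapps usually approve exact amounts.
UNLIMITED_THRESHOLD = 1 << 128

# Standard 4-byte selectors (first 4 bytes of keccak256 of the signature).
# ERC-20 approve(spender,amount) and ERC-721 approve(to,tokenId) share a selector,
# so without the contract the decoder cannot tell an amount from a tokenId.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",   # ERC-721 and ERC-1155
    "a9059cbb": "transfer(address,uint256)",
}


@dataclass
class Finding:
    severity: str   # "critical", "warning" or "info"
    reason: str


def _word(data: bytes, index: int) -> bytes:
    """The index-th 32-byte ABI word after the 4-byte selector."""
    start = 4 + 32 * index
    return data[start:start + 32]


def _as_address(word: bytes) -> str:
    return "0x" + word[12:].hex()          # addresses are right-aligned in the word


def _as_uint(word: bytes) -> int:
    return int.from_bytes(word, "big")


def triage(tx: dict, trusted_spenders: frozenset = frozenset()) -> Finding:
    """Classify one eth_sendTransaction parameter object ({"from","to","data",...})."""
    data = bytes.fromhex((tx.get("data") or "0x")[2:])
    if len(data) < 4:
        return Finding("info", "plain value transfer, no calldata")
    selector = data[:4].hex()
    signature = SELECTORS.get(selector)
    if signature is None:
        return Finding("warning", f"unrecognised selector 0x{selector}; simulate before signing")
    if len(data) != 4 + 2 * 32:
        return Finding("warning", f"{signature}: malformed argument length {len(data)}")

    first, second = _word(data, 0), _word(data, 1)
    if signature.startswith(("approve", "increaseAllowance")):
        spender, amount = _as_address(first), _as_uint(second)
        if amount == 0:
            return Finding("info", f"allowance for {spender} revoked")
        if amount >= UNLIMITED_THRESHOLD:
            if spender in trusted_spenders:
                return Finding("warning", f"unlimited allowance to known spender {spender}")
            return Finding("critical", f"unlimited allowance to {spender}: lets it drain the balance later")
        return Finding("warning", f"allowance of {amount} to {spender}")
    if signature.startswith("setApprovalForAll"):
        operator, enabled = _as_address(first), _as_uint(second) != 0
        if enabled:
            return Finding("critical", f"{operator} becomes operator for every NFT in this collection")
        return Finding("info", f"operator {operator} revoked")
    # transfer(address,uint256): funds move now, but only the stated amount
    return Finding("warning", f"transfer of {_as_uint(second)} to {_as_address(first)}")


# --- constructed sample requests (placeholder addresses, not real ones) ---
VICTIM = "0x" + "11" * 20
DRAINER = "0x" + "ab" * 20
TOKEN = "0x" + "cc" * 20


def _encode(selector: str, address: str, value: int) -> str:
    """ABI-encode a two-argument (address, uint256/bool) call for the samples."""
    return "0x" + selector + address[2:].rjust(64, "0") + f"{value:064x}"


SAMPLE_REQUESTS = {
    "unlimited_approve": {"from": VICTIM, "to": TOKEN, "data": _encode("095ea7b3", DRAINER, MAX_UINT256)},
    "nft_operator": {"from": VICTIM, "to": TOKEN, "data": _encode("a22cb465", DRAINER, 1)},
    "exact_approve": {"from": VICTIM, "to": TOKEN, "data": _encode("095ea7b3", DRAINER, 50 * 10**6)},
    "revoke": {"from": VICTIM, "to": TOKEN, "data": _encode("095ea7b3", DRAINER, 0)},
    "plain_send": {"from": VICTIM, "to": DRAINER, "value": "0x1", "data": "0x"},
    "unknown_call": {"from": VICTIM, "to": TOKEN, "data": "0xdeadbeef"},
}


def triage_samples() -> dict:
    """Severity per constructed sample, for a quick look at the classifier."""
    return {name: triage(tx).severity for name, tx in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, tx in SAMPLE_REQUESTS.items():
        finding = triage(tx)
        print(f"{name:18} {finding.severity:8} {finding.reason}")
```

The point of the "critical" findings is that the wallet UI shows them as an innocuous approval with no amount leaving the account; a $50 bonus never requires an unlimited allowance or collection-wide operator rights. Signatures made via eth_signTypedData (permit-style approvals) bypass calldata entirely and need a separate check on the typed data.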
Main Types of Bait
Specialists identify three key tricks used by the groups:
- Investment accounts: promising a bonus for registration.
- Telegram activity: offering a profitable purchase of "stars" or other internal assets.
- Bonus programs: distributing free tokens for connecting a wallet.
It is important to understand that this is not an isolated case. Maria Sinitsyna, senior analyst at the Digital Risk Protection department of F6, notes that drainers have been used before. Several years ago, they were actively spread among English-speaking users, after which their activity declined. Now we are witnessing a new wave, specifically targeting the Russian-speaking audience. Although F6 specialists have already submitted a request to block the identified malicious resources, attackers are quickly creating new domains to replace those that have been shut down.
How to Protect Your Digital Assets
In the current environment, investors need to exercise extreme caution. Experts strongly recommend:
- Completely avoid clicking on suspicious links from advertisements.
- Carefully verify the domain name of the site you are on. Scammers often register domains that sound similar to well-known brands.
- Check the site's creation date through specialized Whois services—fresh domains should raise suspicion.
- Keep in mind that brokerage activities in Russia are only conducted with a license from the Bank of Russia. Verify the license and official online resources of the broker on the Central Bank's website.
- Cross-check any promotions exclusively on official platforms.
- A suspicious site can be sent to the "Antiphishing" platform—F6 specialists will verify the information and pass it to regulators for blocking.
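The domain-name check from the list above, as an added example (my own Python, not F6's Antiphishing platform): it takes the registrable label of a domain, decodes punycode, folds common Cyrillic and digit look-alikes onto ASCII, and then reports whether the label is a homoglyph of a brand, a brand padded with extra words ("binance-bonus-usdt"), a brand embedded in a longer name, or one edit away from it. The brand list and the sample domains are constructed; the Cyrillic letters are written as escapes so the substitution is visible.

```python
"""Lookalike-domain check (added example, not F6's Antiphishing platform)."""
import re
import unicodedata

BRANDS = ("binance", "bybit", "trustwallet", "metamask")   # constructed brand list

# Confusables commonly swapped into lookalike names: Cyrillic letters that
# render like Latin ones, plus digits that resemble letters.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0455": "s",
    "0": "o", "1": "l", "3": "e", "5": "s",
}


def registrable_label(domain: str) -> str:
    """Second-level label, punycode-decoded. Assumes the public suffix is a single
    label (no public-suffix list is consulted, so co.uk-style suffixes are missed)."""
    labels = domain.strip().lower().rstrip(".").split(".")
    label = labels[-2] if len(labels) >= 2 else labels[0]
    if label.startswith("xn--"):
        label = label.encode("ascii").decode("idna")
    return label


def fold(label: str) -> str:
    """Map confusables onto ASCII so 'b\u0456nance' compares equal to 'binance'."""
    label = unicodedata.normalize("NFKC", label)
    return "".join(CONFUSABLES.get(ch, ch) for ch in label)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (substitution, insertion, deletion)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain: str, brands=BRANDS):
    """Return (brand, kind) when the domain imitates a brand, else None."""
    raw = registrable_label(domain)
    folded = fold(raw)
    tokens = [t for t in re.split(r"[-_]", folded) if t]
    for brand in brands:
        if folded == brand:
            return None if raw == brand else (brand, "homoglyph")
        if brand in tokens:
            return (brand, "brand-plus-words")     # binance-bonus-usdt
        if brand in folded:
            return (brand, "embedded")             # mybinance
        if edit_distance(folded, brand) <= 1:
            return (brand, "typo")                 # b1nance -> blnance
    return None


# Constructed samples: one genuine name, four imitations, one unrelated domain.
SAMPLE_DOMAINS = [
    "binance.com",
    "binance-bonus-usdt.com",
    "b\u0456nance.com",          # Cyrillic i
    "b1nance.com",
    "app.metamask-airdrop.io",
    "example.com",
]


def check_domains(domains) -> dict:
    return {d: lookalike(d) for d in domains}


if __name__ == "__main__":
    for domain, result in check_domains(SAMPLE_DOMAINS).items():
        print(f"{domain:28} {result if result else 'no match'}")
```

A match is a reason to stop and look, not proof of fraud, and a clean result only means the label did not resemble one of the listed brands. Pair it with the WHOIS age check from the list above, which needs a network lookup and is not included here.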
My comment: This wave of attacks is a vivid example of how phishing evolves for specific jurisdictions. The use of "welcome bonuses" and social engineering adapted to the Russian user makes these schemes especially dangerous. Cryptocurrency owners should remember a simple rule: if you are offered money for connecting your wallet, it is almost certainly a trap. Security begins with a conscious refusal of any unverified integrations.